The physical access control system (PACS) mediates access to the computer room using iris scanning in a one-to-many (1:N) biometric identification matching approach. Which of the following is the most likely attack against the PACS as a physical control?
A. Replay attack
B. Birthday attack
C. Social engineering
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Replay attack.
The following diagram demonstrates nine points of attack against a biometric system. Replaying the biometric data from the sensor to the feature extractor is one of them.
- “Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.” (Wikipedia) The PACS is an authentication system, not a person, so it is immune to psychological manipulation.
- With a birthday attack, it is possible to find a collision of a hash function.
- Meet-in-the-middle cracked Double DES.
- A Study on Attacks and Security Against Fingerprint Template Database
- The Difference Between 1:N, 1:1, and 1:Few and Why it Matters in Patient ID
- Man-in-the-middle attack
- Replay attack
- Social engineering
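
One way to close the replay point between the sensor and the feature extractor is a challenge-response on that link. The sketch below is an added example, not part of the original post; the class names, the shared key and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length, so nonce || sample is unambiguous


class FeatureExtractor:
    """Receiving end of the sensor link; issues one-time challenges."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces issued and not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, sample: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge: replay
        self._pending.discard(nonce)  # a challenge is valid exactly once
        expected = hmac.new(self._key, nonce + sample, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


class Sensor:
    """Iris sensor (hypothetical) sharing a link key with the extractor."""

    def __init__(self, key: bytes):
        self._key = key

    def capture(self, nonce: bytes, sample: bytes):
        tag = hmac.new(self._key, nonce + sample, hashlib.sha256).digest()
        return nonce, sample, tag


def demo():
    key = secrets.token_bytes(32)
    sensor, extractor = Sensor(key), FeatureExtractor(key)
    sample = b"constructed-iris-sample"  # constructed stand-in for sensor data
    msg = sensor.capture(extractor.challenge(), sample)
    live = extractor.accept(*msg)        # genuine capture
    replayed = extractor.accept(*msg)    # same recorded bytes sent again
    # Recorded sample and tag presented against a fresh challenge.
    stale = extractor.accept(extractor.challenge(), msg[1], msg[2])
    return live, replayed, stale


if __name__ == "__main__":
    print(demo())
```

A recorded message is rejected both when it is resent unchanged and when its sample and tag are paired with a new challenge, because the tag binds the sample to a nonce that is consumed on first use.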